On Saturday Patently Apple posted a report titled “Apple Accused of Bowing to Chinese Government by Shutting Down VPN Service Apps.” The report covered ExpressVPN making it public that Apple sent them a letter notifying them that their app was being removed from the App Store because it included content that is illegal in China, which is not in compliance with the App Store Review Guidelines. Apple’s CEO has made it clear that they would follow the laws of the land that do business in. Today the Chinese Government made a formal statement to help clarify the VPN matter.

The Singapore government has issued its long-awaited draft Cybersecurity Bill for public consultation. In light of the global increase in cybersecurity threats, the draft bill seeks to provide a framework for national cybersecurity and protect critical information infrastructure against cybersecurity threats. The provision of certain investigative and non-investigative cybersecurity services will also now be regulated under the draft bill. Click here for a detailed alert on the topic.

Collaboration between NIST and IEEE P2302™ will help build consensus on creating an Intercloud—an open, transparent infrastructure amongst cloud providers to support evolving technological and business models

PISCATAWAY, N.J.–(BUSINESS WIRE)–IEEE, the world’s largest technical professional organization dedicated to advancing technology for humanity, and the IEEE Standards Association (IEEE-SA), today announced a new collaborative effort has been launched with NIST to meet the growing demand for standards that address Intercloud interoperability. The new cooperative arrangement brings together efforts from the NIST Public Working Group on Federated Cloud (PWGFC) with the IEEE Intercloud Working Group (ICWG) developing IEEE P2302TM—Standard for Intercloud Interoperability and Federation.

Local and state government agencies from Oregon to Connecticut say they are using a Russian brand of security software despite the federal government’s instructions to its own agencies not to buy the software over concerns about cyberespionage, records and interviews show.

The federal agency in charge of purchasing, the General Services Administration, this month removed Moscow-based Kaspersky Lab from its list of approved vendors. In doing so, the agency’s statement suggested a vulnerability exists in Kaspersky that could give the Russian government backdoor access to the systems it protects, though they offered no explanation or evidence of it. Kaspersky has strongly denied coordinating with the Russian government and has offered to cooperate with federal investigators.

The Deputy Prime Minister yesterday conceded that the Bahamas “continues to fall too far down the scale”, after this nation was ranked 129th out of 164 countries for its commitment and effectiveness in fighting cyber crime.

K P Turnquest acknowledged that the Bahamas’ ranking in the bottom third of the Global Cybersecurity Index (GCI), published by the International Telecommunications Union (ITU), could “undermine” the financial services industry and this nation’s desire to expand its information technology (IT) capabilities.

The draft legislation provides further guidance on the regulations provided in the recent cybersecurity law, including definitions and details on the security assessments required for cross-border data transfers.

China’s recently enacted Cybersecurity Law (CL), effective June 1, 2017, requires that personal information and important data collected and produced by critical information infrastructure (CII) operators in China be stored in China. The CL also requires that security assessments be performed before personal information and important data are provided to any entity or individual outside of China (Cross-border Data Transfer).[1] Along with the CL, China has published other draft legislation addressing the requirements for local storage and Cross-border Data Transfer and soliciting public comments. The new draft implementing rules include

The Telecommunications Regulatory Authority (TRA) has issued resolution number 5 of 2017 on its website and published in the Official Gazette the new set of regulations on critical telecommunications infrastructure (CTI) risk management.

Keeping Pace with an Evolving Threat

Today NATO faces ongoing efforts from antagonists, including non-state actors, to intimidate and destabilize member states through cyber-attacks. The notion of cyber warfare is not new, but the scale, speed, and intensity of the challenge demands a new approach toward the preparation, deterence, and defense against these threats. One important innovation that cyber activities provide an adversary is ambiguity, both of intent and attribution. The source of cyber aggression is not easy to identify and requires advanced technological capabilities that only a few member states in NATO possess. Cyber aggression is even more difficult to prove publicly because laws and regulations in cyberspace are still incomplete. For NATO, the ambiguity of cyber campaigns present challenges vis-à-vis action that needs to be collectively addressed across the political, military, civilian, and technological spectrum. The following recommendations are designed to strengthen NATO resilience in cyberspace.